A Guide to BCM Body of Knowledge (BCMBoK)

a guide of bcm body of knowledge (bcmbok)

The purpose and objectives of the BCMBoK runs parallel to those of the ISO 22301. The document provides organizations and BCDR professionals a single source of reference while developing a resiliency capability.

The BCM Institute put together a set of standardized BCM definitions and practices in what is known as the BCM Body of Knowledge (BCMBok) Guide that covers a wide range of topics including crisis management, crisis communication and disaster recovery. The document was released in 2009 as a whitepaper and provides organizations across industries and sectors a consistent framework of reference for business continuity management.

Since business continuity management is a vast field that covers different and diverse topics, the BCMBoK was developed and introduced with the aim of compiling the essential aspects of each field into a single body of work. The BCMBoK can be used by professionals with prior knowledge and experience in fields such as BCM Audit, business continuity management, crisis communication, crisis management or disaster recovery as well as other relevant disciplines.

BCMBoK consists of 7 main subdivisions:

  • Project Management
  • Risk Analysis & Review
  • Business Impact Analysis
  • Business Continuity Strategy
  • Plan Development
  • Testing and Exercising
  • Program Management

For the convenience of certification, each subdivision is further segregated into three course levels.

Course LevelCertification Obtained on Completion
FoundationPlanner
IntermediateSpecialist
SpecialistExpert

 

The only exception is the BCM Audit course that begins directly with the Intermediate level. Individuals completing this course are certified as Auditors. The intermediate level is followed by the Advanced level on completion of which personnel are granted the Lead Auditor certification.

BCMBoK Project Management

This course outlines the minimum project management requirements for a BCM professional.

  • Synchronizing executive management
  • Establishing achievable expectations
  • Defining the prerequisites for project success
  • Outlining and sharing the prerequisites for planning:
    • Business Continuity
    • Crisis Communication
    • Crisis Management
    • Disaster Recovery
  • Delegating roles and responsibilities
  • Making individuals accountable for completing specific tasks
  • Creating an efficient work plan with deadlines
  • Establishing resource requirements
  • Estimating the project’s budget

BCMBoK Risk Assessment & Review

This course outlines the minimum requirements for risk assessment and review that are expected from a BCM professional.

  • Analyze organizational risks from a BCM perspective
  • Get acquainted with risk assessment principles
  • Develop a relevant framework for evaluation
  • Detect all business threats from internal and external sources, the chances of their occurrence and the extent of damage they can cause
  • Becoming familiar with the different types of risk treatment
  • Implementing risk treatment activities such as
    • Risk avoidance
    • Risk reduction
    • Risk transference
    • Risk acceptance
  • Strategizing risk treatment
  • Comparing options for minimizing risks against specifications and expenses
  • Assessing if
    • Current business processes are insulated against risks
    • Comprehensive plans are in place to respond to emergencies
  • Obtaining approval for the risk treatment strategy from the leadership and management teams

BCMBoK Business Impact Analysis

This course outlines the bare minimum prerequisites for business impact analysis that a BCM professional would have to meet.

  • Establishing the scope of the BIA process
  • Deploying a business impact analysis process
  • Understanding the current framework for collecting BIA data
  • Selecting and using the most appropriate BIA data collection framework
  • Developing a personalized BIA questionnaire
  • BIA Data Gathering
    • Recognizing support critical business function (CBF) tasks and owners
    • Assessing the impact of all possible disruptions to business
    • Establishing time-frames within which operations must be restored
    • Determining inter and intra dependencies
    • Identifying crucial documents necessary for recovery
    • Providing documentation for all
      • Critical business functions
      • Critical processes and
      • Critical applications
    • Establishing resources for continuity
      • Facilitating resource information in order to suggest or choose a relevant BC strategy
      • Establishing resource needs for internal and external auxiliary tasks
      • Outlining the resource requirements in terms of headcount, technology, and telephony for continuing operations at a functional level
    • Obtaining Approval from Leadership and Management Teams
      • Asking executives responsible for processes to provide sign off requirements
      • Forwarding requirements to the executive management team
      • Getting approval to develop a BC strategy based on the findings

BCMBoK Business Continuity Strategy

This course outlines a BCM professional’s basic requirements for developing a business continuity strategy.

  • Establishing recovery strategies for business units across the organization
  • Putting together a cost benefit assessment for the chosen strategies
  • Choosing a backup location and alternate site for storage
  • Identifying alternate plans to ensure continuity of operations while recovery is underway
  • Identifying and implementing the necessary backups for business and IT processes
  • Compiling all strategies to create a list of plans for recovering mission critical processes to be approved by the leadership and management teams

BCMBoK Plan Development

The Plan development stage details a sequentially ordered series of tasks that are executed to mitigate the negative impacts of incidents. These threats and incidents are identified during the risk assessment and review stages.

The primary objective is to implement protective measures for operations that have been earmarked as mission critical during the business impact analysis (BIA) exercise.

  • Documenting the organization’s mission critical operations that must be restored with minimum downtime and expense
  • Developing user friendly templates for business continuity, crisis communication, crisis management and disaster recovery
  • Developing these plans based on the end user’s existing skills sets and familiarity with the domain
  • Providing information on where to access resources, repair and replacement services
  • Establishing how the recovery team has to be organized
  • Managing the recovery team’s staffing requirements
  • Design, deploy and test processes that bring the situation under control after a crisis
  • Establishing protocols for working with official as well as external agencies
  • Handling press and media queries during the emergency
  • Develop and execute plans for BC, CC, CM and DR

BCMBoK Testing and Exercising

This phase establishes the minimum requirements for a Business Continuity Management (BCM) professional to test and exercise implemented plans thoroughly enough in order to validate the organization’s BC, CC, CM and DR capabilities.

  • Ensuring that testing and exercises have clearly defined objectives, policies, guidelines, responsibilities and specifications
  • Prioritizing process effectiveness and ease of access to resources while testing
  • Ensuring that processes have been thoroughly tested and relevant data has been collected
  • Assess, modify and present data gathered during testing and exercise drills to the leadership and management team

BCMBoK Program Management

This phase outlines the minimum requirements for a BCM professional to ensure that plans are up to date and functioning properly.

  • Creating a formal framework for maintaining the plans
  • Maintaining awareness amongst personnel across the organization
  • Incorporating resiliency capabilities into the company’s mainstream commercial objectives
  • Making resiliency a deciding factor while formulating business strategy
  • Aligning the company’s BC, CC, CM and DR capabilities with international standards
  • Creating an objective framework for evaluating the feasibility of plans
  • Ensuring that plans are up to date
  • Incorporating BCM objectives into organizational culture
  • Auditing the plans periodically to detect glitches and identify areas for improvement

See for yourself how the application works
Witness our cloud based platform’s security capabilities in action
Play around with the software and explore its features
Compare and choose a solution that’s relevant to your organization
Consult our experts and decide on a pricing mechanism

Request a Demo

Disasters

Request a Demo